mirror of
https://github.com/openai/codex.git
synced 2026-04-24 22:54:54 +00:00
2616c7cf12
## Why
`bazel.yml` already builds and tests the Bazel graph, but `rust-ci.yml`
still runs `cargo clippy` separately. This PR starts the transition to a
Bazel-backed lint lane for `codex-rs` so we can eventually replace the
duplicate Rust build, test, and lint work with Bazel while explicitly
keeping the V8 Bazel path out of scope for now.
To make that lane practical, the workflow also needs to look like the
Bazel job we already trust. That means sharing the common Bazel setup
and invocation logic instead of hand-copying it, and covering the arm64
macOS path in addition to Linux.
Landing the workflow green also required fixing the first lint findings
that Bazel surfaced and adding the matching local entrypoint.
## What changed
- add a reusable `build:clippy` config to `.bazelrc` and export
`codex-rs/clippy.toml` from `codex-rs/BUILD.bazel` so Bazel can run the
repository's existing Clippy policy
- add `just bazel-clippy` so the local developer entrypoint matches the
new CI lane
- extend `.github/workflows/bazel.yml` with a dedicated Bazel clippy job
for `codex-rs`, scoped to `//codex-rs/... -//codex-rs/v8-poc:all`
- run that clippy job on Linux x64 and arm64 macOS
- factor the shared Bazel workflow setup into
`.github/actions/setup-bazel-ci/action.yml` and the shared Bazel
invocation logic into `.github/scripts/run-bazel-ci.sh` so the clippy
and build/test jobs stay aligned
- fix the first Bazel-clippy findings needed to keep the lane green,
including the cross-target `cmsghdr::cmsg_len` normalization in
`codex-rs/shell-escalation/src/unix/socket.rs` and the no-`voice-input`
dead-code warnings in `codex-rs/tui` and `codex-rs/tui_app_server`
## Verification
- `just bazel-clippy`
- `RUNNER_OS=macOS ./.github/scripts/run-bazel-ci.sh -- build
--config=clippy --build_metadata=COMMIT_SHA=local-check
--build_metadata=TAG_job=clippy -- //codex-rs/...
-//codex-rs/v8-poc:all`
- `bazel build --config=clippy
//codex-rs/shell-escalation:shell-escalation`
- `CARGO_TARGET_DIR=/tmp/codex4-shell-escalation-test cargo test -p
codex-shell-escalation`
- `ruby -e 'require "yaml";
YAML.load_file(".github/workflows/bazel.yml");
YAML.load_file(".github/actions/setup-bazel-ci/action.yml")'`
## Notes
- `CARGO_TARGET_DIR=/tmp/codex4-tui-app-server-test cargo test -p
codex-tui-app-server` still hits existing guardian-approvals test and
snapshot failures unrelated to this PR's Bazel-clippy changes.
Related: #15954
116 lines
4.9 KiB
Plaintext
116 lines
4.9 KiB
Plaintext
common --repo_env=BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1
|
|
common --repo_env=BAZEL_NO_APPLE_CPP_TOOLCHAIN=1
|
|
# Dummy xcode config so we don't need to build xcode_locator in repo rule.
|
|
common --xcode_version_config=//:disable_xcode
|
|
|
|
common --disk_cache=~/.cache/bazel-disk-cache
|
|
common --repo_contents_cache=~/.cache/bazel-repo-contents-cache
|
|
common --repository_cache=~/.cache/bazel-repo-cache
|
|
common --remote_cache_compression
|
|
startup --experimental_remote_repo_contents_cache
|
|
|
|
common --experimental_platform_in_output_dir
|
|
|
|
# Runfiles strategy rationale: codex-rs/utils/cargo-bin/README.md
|
|
common --noenable_runfiles
|
|
|
|
common --enable_platform_specific_config
|
|
common:linux --host_platform=//:local_linux
|
|
common:windows --host_platform=//:local_windows
|
|
common --@rules_cc//cc/toolchains/args/archiver_flags:use_libtool_on_macos=False
|
|
common --@llvm//config:experimental_stub_libgcc_s
|
|
|
|
# We need to use the sh toolchain on windows so we don't send host bash paths to the linux executor.
|
|
common:windows --@rules_rust//rust/settings:experimental_use_sh_toolchain_for_bootstrap_process_wrapper
|
|
|
|
# TODO(zbarsky): rules_rust doesn't implement this flag properly with remote exec...
|
|
# common --@rules_rust//rust/settings:pipelined_compilation
|
|
|
|
common --incompatible_strict_action_env
|
|
# Not ideal, but We need to allow dotslash to be found
|
|
common:linux --test_env=PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
|
|
common:macos --test_env=PATH=/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
|
|
|
|
# Pass through some env vars Windows needs to use powershell?
|
|
common:windows --test_env=PATH
|
|
common:windows --test_env=SYSTEMROOT
|
|
common:windows --test_env=COMSPEC
|
|
common:windows --test_env=WINDIR
|
|
|
|
common --test_output=errors
|
|
common --bes_results_url=https://app.buildbuddy.io/invocation/
|
|
common --bes_backend=grpcs://remote.buildbuddy.io
|
|
common --remote_cache=grpcs://remote.buildbuddy.io
|
|
common --remote_download_toplevel
|
|
common --nobuild_runfile_links
|
|
common --remote_timeout=3600
|
|
common --noexperimental_throttle_remote_action_building
|
|
common --experimental_remote_execution_keepalive
|
|
common --grpc_keepalive_time=30s
|
|
|
|
# This limits both in-flight executions and concurrent downloads. Even with high number
|
|
# of jobs execution will still be limited by CPU cores, so this just pays a bit of
|
|
# memory in exchange for higher download concurrency.
|
|
common --jobs=30
|
|
|
|
common:remote --extra_execution_platforms=//:rbe
|
|
common:remote --remote_executor=grpcs://remote.buildbuddy.io
|
|
common:remote --jobs=800
|
|
# TODO(team): Evaluate if this actually helps, zbarsky is not sure, everything seems bottlenecked on `core` either way.
|
|
# Enable pipelined compilation since we are not bound by local CPU count.
|
|
#common:remote --@rules_rust//rust/settings:pipelined_compilation
|
|
|
|
# GitHub Actions CI configs.
|
|
common:ci --remote_download_minimal
|
|
common:ci --keep_going
|
|
common:ci --verbose_failures
|
|
common:ci --build_metadata=REPO_URL=https://github.com/openai/codex.git
|
|
common:ci --build_metadata=ROLE=CI
|
|
common:ci --build_metadata=VISIBILITY=PUBLIC
|
|
|
|
# Disable disk cache in CI since we have a remote one and aren't using persistent workers.
|
|
common:ci --disk_cache=
|
|
|
|
# Shared config for the main Bazel CI workflow.
|
|
common:ci-bazel --config=ci
|
|
common:ci-bazel --build_metadata=TAG_workflow=bazel
|
|
|
|
# Shared config for Bazel-backed Rust linting.
|
|
build:clippy --aspects=@rules_rust//rust:defs.bzl%rust_clippy_aspect
|
|
build:clippy --output_groups=+clippy_checks
|
|
build:clippy --@rules_rust//rust/settings:clippy.toml=//codex-rs:clippy.toml
|
|
|
|
# Rearrange caches on Windows so they're on the same volume as the checkout.
|
|
common:ci-windows --config=ci-bazel
|
|
common:ci-windows --build_metadata=TAG_os=windows
|
|
common:ci-windows --repo_contents_cache=D:/a/.cache/bazel-repo-contents-cache
|
|
common:ci-windows --repository_cache=D:/a/.cache/bazel-repo-cache
|
|
|
|
# We prefer to run the build actions entirely remotely so we can dial up the concurrency.
|
|
# We have platform-specific tests, so we want to execute the tests on all platforms using the strongest sandboxing available on each platform.
|
|
|
|
# On linux, we can do a full remote build/test, by targeting the right (x86/arm) runners, so we have coverage of both.
|
|
# Linux crossbuilds don't work until we untangle the libc constraint mess.
|
|
common:ci-linux --config=ci-bazel
|
|
common:ci-linux --build_metadata=TAG_os=linux
|
|
common:ci-linux --config=remote
|
|
common:ci-linux --strategy=remote
|
|
common:ci-linux --platforms=//:rbe
|
|
|
|
# On mac, we can run all the build actions remotely but test actions locally.
|
|
common:ci-macos --config=ci-bazel
|
|
common:ci-macos --build_metadata=TAG_os=macos
|
|
common:ci-macos --config=remote
|
|
common:ci-macos --strategy=remote
|
|
common:ci-macos --strategy=TestRunner=darwin-sandbox,local
|
|
|
|
# Linux-only V8 CI config.
|
|
common:ci-v8 --config=ci
|
|
common:ci-v8 --build_metadata=TAG_workflow=v8
|
|
common:ci-v8 --build_metadata=TAG_os=linux
|
|
common:ci-v8 --config=remote
|
|
common:ci-v8 --strategy=remote
|
|
|
|
# Optional per-user local overrides.
|
|
try-import %workspace%/user.bazelrc
|